if through TOR, then your tourists won't be able to take advantage of location services
– schroeder♦Sep 7 '16 at 17:20

OK, I could setup Exit Node Country to the same country they are in. This would at least not cripple Google.
– AriaSep 7 '16 at 17:24

2

Disabling everything but HTTPS will lead to a very limited internet experience because even though it is 2016 there are still quite a lot of websites which don't support HTTPS.
– PhilippSep 7 '16 at 17:29

You might still have issues with your ISP - the ToS can differ.
– John DvorakSep 7 '16 at 17:31

3 Answers
3

Yes, quite a few points. Passing everything through TOR has the following consequences:

Much slower traffic, which on a public WiFi spot is killing

Constant security checks. Google, CloudFlare and Akamai all require CAPTCHAs. Every once in a while is OK, but on all requests can become irritating.

Blocked site that disallow TOR exit traffic.

TOR doesn't protect against people sniffing WiFi traffic at all. The TOR uplink can only be placed behind the WiFi access point. To prevent users from reaching each other you should enable AP isolation on the access point itself. Only allowing TLS/SSL/HTTPS etc.. traffic doesn't make much sense either. This limits users in what they can do without providing any additional security.

Only allowing TLS enabled traffic would protect users from traffic monitoring on the transport layer, but it's still possible to see which servers a user contacts. So an attacker gets server names and he could still gain useful information from requests/response size, timing, contacted servers. But it's very unlikely that an attacker could extract passwords, personal data or cookies from the data.

The problem is, that this protects only from a passive attacker. An active attacker could set up an evil twin, an access point with the same name. He could allow non-TLS-traffic and even try to strip down TLS traffic. (HSTS mitigates this issue for many websites today, but not completely).

That's a problem that all unencrypted WiFis has today and the only solution would be, that the user authenticates your Access Point. You could do this with WPA-Enterprise set up, but from a usability perspective it's too complicated for the users I think. Another solution would be giving an unique WPA-PSKs (pre-shared keys) to every new user. (If you're giving all users the same PSK, an attacker could set up an evil twin again or decrypting traffic if he has recorded the WPA handshake.)

Using TOR would mitigate the problem that you would be responsible for the things people do over your internet connection, but as @yorick-de-wid already mentioned this has a few usability consequences. In Germany as example there is a project called Freifunk, which is non-commercial initiative for free wireless networks. They provide a gateway, where you can route the traffic of your users through. The connection to the gateway is encrypted using a VPN tunnel. I would recommend using such a service, if available in your area.

Why not setup 802.1x auth? Devices that support any proper form of WiFi crypto will almost always support something like WPA2 Enterprise as well. Instead of then directing users to a simple web captive portal, where they enter their access code (on a non-secured 802.11 network), just have them use that access code as username+password and they'll have their own secure connection. If you want to have an insecure alternative you can just add a second SSID with no crypto for those with older or bad devices.

OK I didn't knew that if I setup captive portal then they can still authenticate with Facebook and this way it will be sniffing-proof.
– AriaSep 7 '16 at 22:36

1

It's always a tradeoff between ease of use and security. If you want users to find your WiFi network in their list of available networks without knowing who owns it or where it is, and randomly use it for whatever they want, this won't work. But if you have a hotel or restaurant or some sort of tourist office where you have to go to get a code before you can access WiFi, then this will work. I guess more context is needed for a better fitting answer.
– John KeatesSep 7 '16 at 22:40